Firefox 11 Security Sandbox Violation

Report · Apr 04, 2012

I'm working with a local version of my Application - and since I've updated to Firefox 11 I'm having issues with Javascript call backs throwing an error when trying to access the Flash movie.

I've added the preload file, main file, and directory to the Local Trusted locations - and I'm still getting the error; I've confirmed that allowscriptaccess="always" on the page.

I'm running on a Mac OSX 10.7.3 with the latest Flash debugger player 11.2.

*** Security Sandbox Violation ***

SecurityDomain 'null' tried to access incompatible context 'file:/../bin-debug/InitialPreloader.swf?0.6524682486757879'

Here's the kicker - this only happens in Firefox 11 - did not happen in 10 - and does not happen when running locally on Safari (5.1.3), Chrome(18.01) or Opera(11.62)

I did have FlashFireBug installed - but even after the uninstall/disabling - the violation still occurs. Not sure that adding "security unlocks" of sorts inside the application was appropriate because it only happens in one browser.

I generally do prefer Firefox (the FlashFireBug add-on makes some things easier) - and can work around it; but I haven't seen any issues about this so I thought it should be reported - or maybe because I missed something.

Thanks.

-Will

Report · Apr 09, 2012

Happening for me too... except in multiple browsers. Seems to be new with Flash 11.2 since this just started (and the site I'm seeing this on hasn't been updated for about a year).

Report · Apr 09, 2012

Forwarding to our security team for their review.

Report · Apr 10, 2012

I traced down the issue on my end. At root, it doesn't seem to be a security error. The site is loading a series of videos and needed to know the duration of each in order to render the UI. The flow:

_videoURL = 'foo.flv';

_connection = new NetConnection();

_connection.addEventListener(NetStatusEvent.NET_STATUS, netStatusHandler);

_connection.connect(null);

//later, in netStatusHandler

switch (event.info.code) {

case "NetConnection.Connect.Success":

_connection.removeEventListener(NetStatusEvent.NET_STATUS, netStatusHandler);

connectStream();

break;

//...

}

//later, in connectStream

_stream = new NetStream(_connection);

_stream.client = {onMetaData:metaDataHandler};

var video:Video = new Video();

video.attachNetStream(_stream);

_stream.play(_videoURL);

//later, in metaDataHandler

_stream.pause();

_stream.seek(0);

_stream.close();

//in Flash Player 11.2, immediately calling _stream.close in the onMetaData handler

//causes a crash. Delaying it slightly seems to fix the issue:

//setTimeout(_stream.close, 1000);

Report · Apr 10, 2012

Thank you for the follow up. Glad you were able to track this down.

Report · Apr 10, 2012

Hi,

I am facing same kind of problem in firefox. i posted my question in flex forum http://forums.adobe.com/message/4287116.

Alex asked me to verify browser security settings. I don't know how to do it.

any ideas?

Report · Apr 11, 2012

I've searched through all of the Firefox 11 preferences for Mac that I could find.

The only thing I found that mentions Javascript is under Content it has a Enable Javascript & an advanced button.

The Advanced only gives options to Move/Resize windows, raise lower windows, disable context menus.

Nothing mentions "local javascript security" - so if this is a new setting in the browser, it's pretty obscure - which doesn't help.

My original issue continues to persist in the exact same form.

Since there are other browsers to use, and it's only a local issue, I can't afford to spend time on it. I'll just not use Firefox locally for Javascript/Flash interactions until a new version comes out...then I'll see if it's fixed.

-Will

Report · Apr 13, 2012

for local testing add

Security.allowDomain("*");

in your code.

it works for me. you can not avoid firefox, because it has lot debugging tools.

Adobe Community

Firefox 11 Security Sandbox Violation